Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation










Bogus Telstra 'Email Bill' Carries Malware

Outline
Email purporting to be a bill notification from Australian telecommunications company Telstra urges recipients to open an attached file to deal with an overdue account.



Brief Analysis
Although it closely mirrors a genuine Telstra bill notification email, the message is not from Telstra. The attached file contains malware. If you receive one of these messages do not open any attachments or click on any links that it may contain.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:






Last updated: January 17, 2013
First published: January 17, 2013
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example

For your account number:
This bill number:

_
Dear,
i
Please find a PDF file of your latest bill attached. It’s due for payment by 13 Jan 13._

We’ve noticed you have an overdue amount which should be paid immediately. Please check this latest bill for the details and contact us if you have any questions.

Looking for an easier way to pay?i
For true convenience and the ability to avoid fees by paying directly from your bank account, why not set up Direct Debit Automatic payments? That way, you’ll know the right amount will get charged against your cheque or savings account on time, so you don’t have to worry about remembering each due date. Plus, we'll send your bill at least two weeks before payment is due so you'll still have time to review each bill and ask any questions. You can learn more about our Direct Debit options here.

Keep on top of your account.
As well as receiving an Email Bill, you can also view and manage your bill online using My Account. It’s a convenient way to keep on top of your account activity, with access from your PC when it suits you.
_
With My Account, you can:
•imanage your Email Bill settings including changing to a detailed or summary bill
•iview, download and pay your bills any time
•imonitor your call costs between bills
•ikeep track of any mobile data usage.
_
If you haven’t registered yet, go to telstra.com/myaccount and use the following information to register:
_
Thanks again for choosing Telstra. If you have any questions or would like to know more, you can call us on 13.22.00 or contact us here
_
See you online soon,

Gerd Schenkel
Executive Director, Telstra Digital

Telstra Email Bill Malware




Detailed Analysis
A Genuine Telstra Email Bill
A Genuine Telstra Email Bill Notification

This message, which purports to be from Australian telecommunications giant Telstra, masquerades as a bill notification message and informs recipients that they have an overdue payment that must be seen to. The message claims that a PDF of the bill is available via an attached file. The message comes complete with the Telstra logo and colour scheme and even includes seemingly official promotional material.

However, the email is not from Telstra and the attached file contains not a PDF bill but a .zip file that harbours malware. This is a quite sophisticated malware campaign. As the screenshot to the right reveals, the message very closely resembles a genuine Telstra email bill notification.

Customers who opt to receive bills from the company via email will be sent notification emails that do indeed have an attached PDF containing the bill. Thus, even more astute Internet users might be tricked into opening the attachment if they are expecting a genuine Telstra bill notification.

Opening the attachment .zip file on these scam emails reveals a hidden .exe file that, if clicked, can install malware on the recipient's computer. The malicious payload attached to these bogus emails may vary. However, the example I tested contained a copy of the Troj/Invo-Zip trojan, which reportedly downloads and installs further malware components.

The lesson here is to always be vigilant and examine emails closely before opening any attachments or links that they may contain. These bogus emails do not include the full name of the recipient as genuine Telstra notifications do. Nor do they contain genuine customer account numbers. So, if the Telstra bill notification message does not address you by name and does not include your real account number ( cross-reference with a previous bill), attachments should not be opened.

Telstra has warned customers about this malware campaign via a post on the Telstra News Blog.


Bookmark and Share

References
Telstra bill scam hits customers
Sophos - Troj/Invo-Zip
Hoax warning: fake Telstra PDF email bills

Last updated: January 17, 2013
First published: January 17, 2013
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer